CVE-2005-0156

Description

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

How to fix CVE-2005-0156

To remediate CVE-2005-0156, upgrade the affected package to a fixed version below.

• Debian/perl—upgrade to 5.8.4-6 or later

Is CVE-2005-0156 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 5.8.4-6

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-0156